"All new accounts, password changes, and account recovery actions will require the use of a password randomly generated by your browser."

@ned Does this mean that even if you had a very strong password before the hack, should we still change? Or is it just for the ones that created easy passwords when signing up.

(did they get access to passwords or have they just been targeting users with valuable wallets and tried to brute force)